Mozilla will fix add-on signing issue for older Firefox versions - gHacks Tech News

Mozilla will fix add-on signing issue for older Firefox versions

Good news for Firefox users who run older versions of the web browser that are not supported anymore officially by Mozilla. Mozilla plans to release updates for these web browsers and also a standalone extension to address the add-on signing issue that caused browser add-ons to fail in all versions of the web browser.

Mozilla will release an automatic update that fixes the issue for the Firefox versions 52 through 60. Firefox users who run version 61 to 65 may install a browser extension instead to resolve the issue on their end.

Last Friday, Firefox users from around the world noticed that the Firefox browser would deactivate all installed browser add-ons. Firefox would display the notification "One or more installed add-ons cannot be verified and have been disabled" to users of the browser. All browser extensions were deactivated in the browser, and it was impossible to enable them again or download extensions from the Mozilla Add-ons website.

firefox add-ons disabled

Mozilla has yet to publish details on how something like this could happened; from what we know, it was a certificate that expired. Since it expired, it could not be used anymore to verify add-on signatures.

Mozilla reacted and released a fix through the Firefox browser's Shield studies system at first. The organization pushed out Firefox 66.0.4 and 66.0.5 to the Stable channel, and updates for other Firefox channels as well to resolve the issue.

While that took care of supported Firefox installations, it ignored Firefox installations that were not on the most recent version of the browser.

Mozilla updated the blog post that it released on May 4, 2019 several times. Yesterday's update highlights that a fix will be released for older versions of the Firefox web browser that are not supported officially anymore.

For users who cannot update to the latest version of Firefox or Firefox ESR, we plan to distribute an update that automatically applies the fix to versions 52 through 60. This fix will also be available as a user-installable extension. For anyone still experiencing issues in versions 61 through 65, we plan to distribute a fix through a user-installable extension. These extensions will not require users to enable Studies, and we’ll provide an update when they are available. (May 8. 19:28 EDT)

It is unclear how the update for Firefox 52 to 60 will be released. Do users have to search for the update (and risk being updated to a new version of Firefox), or is there another way to push an update to Firefox installations. Mozilla revealed that it would not use the Shield service for that. The organization promised that information will be provided once the update is available.

Mozilla plans to release a browser extension for Firefox 61 to 65 that fixes the issue as well. A link will be provided when it becomes available.

Closing Words

The decision to release updates for older versions of Firefox should please users who are still on that older version, and it should put the (conspiracy) theory to rest that Mozilla broke the system deliberately to force users to update to the latest version of the browser.

Something like this should never have happened; it showed how fragile enforced systems can be and how big of an impact simple things can have. It will be interesting to see how Mozilla plans to make sure that something like this won't happen again in the future.

Still, it is a good move by Mozilla to release updates for earlier versions. Whether that is the cause for the one-week release delay for the coming Firefox 67 release is unclear at this point.

Summary
Mozilla will fix add-on signing issue for older Firefox versions
Article Name
Mozilla will fix add-on signing issue for older Firefox versions
Description
Mozilla plans to release updates for these web browsers and also a standalone extension to address the add-on signing issue.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Dedup said on May 9, 2019 at 5:22 pm
    Reply

    Good news, thanks Mozilla ! I’m still using v56.02 because of some add-ons

  2. Anonymous said on May 9, 2019 at 7:02 pm
    Reply
    1. PDee said on May 12, 2019 at 5:01 am
      Reply

      Worked as it should; many thanks for doing this.

    2. John_Doe said on May 13, 2019 at 1:13 am
      Reply

      That is not the official fix.
      It’s been a week already and no answer.
      People using version 52.0.9, the last version for Vista/XP, must keep asking Mozilla.

  3. Anonymous said on May 9, 2019 at 7:27 pm
    Reply

    At this point it is foolish to continue to trust Mozilla. Their antics have proven that the benevolence of the 3.6 days had long expired.

    The saying “out of the frying pan into the fire” quite aptly describe these updates. Who know what’s next? Remote spyware addons? Setting loss?

    1. Iron Heart said on May 9, 2019 at 10:31 pm
      Reply
    2. loxia_01 said on May 9, 2019 at 11:11 pm
      Reply

      I myself, trust Mozilla more than I trust Google and Microsoft anyway. I cannot understand all the hatred towards Mozilla. Sure, the Quantum upgrade was frustrating, but you get use to it and you can still customize a lot more than you can in Google Chrome.

      1. John Fenderson said on May 10, 2019 at 5:01 pm
        Reply

        @loxia_01:

        I don’t hate Mozilla, personally. I have too lengthy of a history with them for that.

        “but you get use to it and you can still customize a lot more than you can in Google Chrome.”

        Except that the post-Quantum Firefox doesn’t meet my needs at all, and Mozilla has made it clear that it never will. Being more customizable than Chrome means nothing to me — it’s a lot less customizable than pre-Quantum Firefox, in a way that actually matters to me.

      2. Peterc said on May 12, 2019 at 12:47 am
        Reply

        @John Fenderson:

        Ditto across the board.

    3. Nebulus said on May 9, 2019 at 11:54 pm
      Reply

      And who am I suppose to trust? Google? No, thanks.
      Yes, Mozilla did a very serious mistake, but in this particular case I don’t see it as a breach of trust.

      1. Anonymous said on May 10, 2019 at 8:09 am
        Reply

        @Nebulus

        Assuming you’re even modestly competent, being involved with your own security/privacy is not a bad idea especially it’s clear now that Mozilla’s abuses are quite unending.

        As a ghacks user.js user, I’m not affected by this. I’d recommend trusting about:config and software conservatism over Mozilla/Google.

        Informed updating (conservatism) goes a long way!

      2. Martin P. said on May 10, 2019 at 2:46 pm
        Reply

        Says the guy who uses user.js which is especially tailored tor Firefox…

        “Modestly competent” you say?

  4. pHROZEN gHOST said on May 9, 2019 at 8:57 pm
    Reply

    Fool me once, shame on you.
    Fool me twice, shame on me.
    Fool with me again and again and … and again, Good bye Mozilla. We are done!

    1. Anonymous said on May 10, 2019 at 4:39 am
      Reply

      @pHROZEN gHOST
      Why? Just keep taking the antidote like AnorKnee Merce said below lol

    2. 99 said on May 10, 2019 at 8:44 am
      Reply

      ” … and again, Good bye Mozilla. We are done!”

      The Hindus of the desert take a vow to eat no more fish.

    3. Anonymous said on May 10, 2019 at 9:35 pm
      Reply

      And where do you go, my friend ? No sarcasm, I am interested what alternatives you suggest.

  5. Trust? said on May 9, 2019 at 10:05 pm
    Reply

    Maybe you are right. Maybe. On the other hand who would you be willing to “trust” 100 % when it comes to online browsing ? I don’t “trust” any of the worldwide available browsers. I only give in to a browser that fits best to what I like and want and then, ……..with the help of some addons plus avoding Google as much as possible hope for the best.

    I am not a Geek nor do I have the time or want to spend the time to try to find something totally trustworthy on the web. Do I believe I am totally safe and private on the web ? No, naah, njet, nein, ma no ! They still think I am a 14yr. old female with 7 children, divorced twice and driving a Ferrari, living of welfare in Monaco. I think, I can live with that.

  6. AnorKnee Merce said on May 9, 2019 at 10:08 pm
    Reply

    To me, Mozilla-Firefox is less evil than Google-Chrome and M$-Edge.

    Analogy: ……. Mozilla just make you sick with poison for a few days and then provide you with the anti-dote. Google and M$ will enslave you and make you suffer for the rest of your life.

  7. Jojo said on May 10, 2019 at 3:30 am
    Reply

    Just go to about:config and set:

    ‘xpinstall.signatures.required’ to false

    1. Pants said on May 10, 2019 at 8:09 am
      Reply

      That only works on some release channels: ESR, Dev, Nightly

  8. Jack said on May 10, 2019 at 6:19 am
    Reply

    The newly hired ex-journalists are not expedient at coding yet by the looks of it.

  9. PDee said on May 10, 2019 at 12:46 pm
    Reply

    Absolutely wonderful news; thank you to Mozilla. And thanks to ghacks.net for staying on this issue, especially for those of us who really enjoy and depend on a somewhat older version of Firefox.

  10. dedup said on May 10, 2019 at 10:21 pm
    Reply

    thanks Anonymous for the link to the fix, it worked. I even didnt had to desable-enable TabMixPlus or any add-on

  11. Maarten said on May 13, 2019 at 5:47 am
    Reply

    > “Mozilla has yet to publish details on how something like this could happened”

    See https://hacks.mozilla.org/2019/05/technical-details-on-the-recent-firefox-add-on-outage/ for Mozilla’s well written explanation.

    1. AnorKnee Merce said on May 13, 2019 at 11:04 am
      Reply

      Mozilla Corp imposed Firefox(48) add-on signing in 2015 with a certificate that would be expiring in May 2019. Mozilla Corp boasted that she has 15,000 add-ons/extensions on AMO, which depend on her certificate to function. It is improbable that Mozilla Corp forgot to renew the very important add-on/extension certificate, more like intentional, and straight from the horse’s mouth: …….

      “This was due to an error on our end: we *let* one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons.”

      let

      verb

      1.
      not prevent or forbid; allow.

      “my boss let me leave early”

      synonyms: allow, permit, give permission to, give leave to, authorize, sanction, grant, grant the right to, warrant, license, empower, enable, entitle;

  12. jackie said on May 15, 2019 at 8:09 am
    Reply

    Thank you Mozilla. My addons for Firefox ESR 52.9.0 are working. And I’m able to installed the error extensions too.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.